View Single Post
  #5   (View Single Post)  
Old 2nd December 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

Yes, but they usually insist that there is also second nameserver in another netblock

You can easily check with dig whether your nameserver has been adopted into the domain name system:
Code:
$ dig +norecurse -t ns SNIPER-UNIX.ORG @a.root-servers.net

; <<>> DiG 9.3.4 <<>> +norecurse -t ns SNIPER-UNIX.ORG @a.root-servers.net
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52839
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12

;; QUESTION SECTION:
;SNIPER-UNIX.ORG.               IN      NS

;; AUTHORITY SECTION:
ORG.                    172800  IN      NS      A0.ORG.AFILIAS-NST.INFO.
ORG.                    172800  IN      NS      D0.ORG.AFILIAS-NST.ORG.
ORG.                    172800  IN      NS      B2.ORG.AFILIAS-NST.ORG.
ORG.                    172800  IN      NS      C0.ORG.AFILIAS-NST.INFO.
ORG.                    172800  IN      NS      B0.ORG.AFILIAS-NST.ORG.
ORG.                    172800  IN      NS      A2.ORG.AFILIAS-NST.INFO.

;; ADDITIONAL SECTION:
A0.ORG.AFILIAS-NST.INFO. 172800 IN      A       199.19.56.1
A0.ORG.AFILIAS-NST.INFO. 172800 IN      AAAA    2001:500:e::1
A2.ORG.AFILIAS-NST.INFO. 172800 IN      A       199.249.112.1
A2.ORG.AFILIAS-NST.INFO. 172800 IN      AAAA    2001:500:40::1
B0.ORG.AFILIAS-NST.ORG. 172800  IN      A       199.19.54.1
B0.ORG.AFILIAS-NST.ORG. 172800  IN      AAAA    2001:500:c::1
B2.ORG.AFILIAS-NST.ORG. 172800  IN      A       199.249.120.1
B2.ORG.AFILIAS-NST.ORG. 172800  IN      AAAA    2001:500:48::1
C0.ORG.AFILIAS-NST.INFO. 172800 IN      A       199.19.53.1
C0.ORG.AFILIAS-NST.INFO. 172800 IN      AAAA    2001:500:b::1
D0.ORG.AFILIAS-NST.ORG. 172800  IN      A       199.19.57.1
D0.ORG.AFILIAS-NST.ORG. 172800  IN      AAAA    2001:500:f::1

;; Query time: 174 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Dec  3 01:09:00 2009
;; MSG SIZE  rcvd: 435
Here we do a non-recursive query at the a.root-servers.net for the nameserver of your domain.
The answer is an referral, or "I don't have that info, but the following nameservers can help you further".
Then you ask one of those they referred: 199.19.56.1
Code:
$ dig  +norecurse -t ns SNIPER-UNIX.ORG @199.19.56.1        

; <<>> DiG 9.3.4 <<>> +norecurse -t ns SNIPER-UNIX.ORG @199.19.56.1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20045
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;SNIPER-UNIX.ORG.               IN      NS

;; AUTHORITY SECTION:
ORG.                    900     IN      SOA     a0.org.afilias-nst.info. noc.afilias-nst.info. 2008922739 1800 900 604800 86400

;; Query time: 139 msec
;; SERVER: 199.19.56.1#53(199.19.56.1)
;; WHEN: Thu Dec  3 01:13:24 2009
;; MSG SIZE  rcvd: 96
This returns a SOA record instead of a proper answer.
You can repeat this for the others
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 3rd December 2009 at 12:17 AM. Reason: Added example how to use dig to check the nameserver
Reply With Quote